DETAILED ACTION
Remarks 

1. In response to communications filed on 07-September-2005, claims 3, 5, 12, 15, and
19 are amended, and new claims 22-23 are added per applicant's request. Therefore,
claims 1-23 are presently pending in the application, of which, claims 1, 12, 15, and
19 are presented in independent form.

Claim Rejections - 35 USC § 103 

2. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

3. Claims 1-14 and 22-23 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Rallis et al (U.S. Patent No. 6,6,425,084) in view of Adams et al (U.S. Patent 
No. 6,363,485.) 

As to claim 1, Rallis et al teaches a method comprising: 
authenticating a user of a platform during a Basic Input/Output System (BIOS) 
boot process (see column 3, lines 14-17); 
releasing a first keying material from a token communicatively coupled to the
platform in response to authenticating the user (see column 3, lines 18-29 and see 
column 5, lines 9-21); and 

decrypt a second BIOS area to recover a second segment of BIOS code (see 
column 1, line 67 through column 2, line 2 and see column 4, lines 10-11, where 
"decrypting" of "validation records" is taught, and see column 3, lines 14-17, where 
the "validation program" resides in "a ROM adapter 34 of the BIOS 30 and is 
executed at boot-up".) 

Rallis et al does not teach: 

combining the first keying material with a second keying material internally 
stored within the platform in order to produce a combination key; and 
using the combination key to decrypt code.

Adams et al teaches a multi-factor biometric authentication device and method 
(see Abstract), in which he teaches combining the first keying material with a second 
keying material internally stored within the platform in order to produce a 
combination key (see Abstract, and see column 2, lines 34-39, and see column 3, lines 
10-17); and using the combination key to decrypt code (see column 2, lines 48-62,
and see column 5, lines 44-54, where the "combination key" is read on "secret key".) 

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to have modified Rallis et al by the teaching of 
Adams et al because combining the first keying material with a second keying 
material internally stored within the platform in order to produce a combination key; 
and using the combination key to decrypt code, would provide more security for user
authentications than using a single key for decryption. 



As to claim 2, Rallis et al as modified, teaches the method further comprising: 
continuing the BIOS boot process (see Rallis et al column 3, lines 6-13.) 

As to claim 3, Rallis et al as modified, teaches wherein prior to authenticating the 
user (see Rallis et al column 3, lines 14-17), the method comprises: 

loading a BIOS code including a first BIOS area and a second BIOS area (see 
Rallis et al column 3, lines 6-13, where "loading" is read on "reading into the main 
RAM"), the first BIOS area being a first segment of the BIOS code encrypted with a 
keying material stored within an internal memory of a trusted platform module of the 
platform (see Adams et al column 2, lines 39-40) and the second BIOS area being a
second segment of the BIOS code (see Rallis et al column 4, lines 10-11, where
"decrypting portions" of the validation record is taught) encrypted with the
combination key (see Adams et al column 2, lines 34-37 and see column 6, lines 18-20.)

As to claims 4 and 14, Rallis et al as modified, teaches wherein after loading of 
the BIOS code (see Rallis et al column 3, lines 6-13, where "loading" is read on 
"reading into the main RAM"), the method further comprises: 

decrypting the first BIOS area to recover the first segment of the BIOS code (see 
Rallis et al column 4, lines 10-11.)

As to claim 5, Rallis et al as modified, teaches wherein the first segment of the
BIOS is encrypted with the keying material and static information pertaining to the
platform (see Rallis et al Abstract; column 1, lines 54-58, where "static information
pertaining to the platform" is read on "serial number"; and see column 4, lines 21-26.)

As to claim 6, Rallis as modified teaches wherein the combination key is a value 
formed by performing an exclusive OR operation on both the first keying material
and the second keying material (see Adams et al Abstract, and see column 3, line 59 
through column 4, line 3.) 

As to claim 7, Rallis et al as modified, teaches wherein authentication of the user 
is performed through biometrics (see Rallis et al column 5, lines 9-21, where 
"biometrics" is read on "finger print reader", and see Adams et al column 2, lines 31-47.)

As to claim 8, Rallis et al as modified, teaches wherein the second keying material 
is stored within internal memory of a trusted platform module (see Adams et al 
column 4, line 66 through column 5, line 1.) 

As to claim 9, Rallis et al as modified, teaches wherein the second keying material 
is stored within a section of access-controlled system memory of the platform (see
Adams et al column 5, lines 55-64.) 

As to claim 10, Rallis et al as modified, teaches wherein prior to authenticating
the user, the method comprises:

loading a BIOS code including a first BIOS area being a first segment of the
BIOS code encrypted using a selected keying material (see Rallis et al, column 3,
lines 6-13, where "loading" is read on "reading into the main RAM"); and 

loading an integrity metric including a hash value of an identification information 
of the platform (see Adams et al figure 5 and see column 4, line 60 through column 
5, line 15.) 

As to claim 11, Rallis et al as modified, teaches wherein the identification
information includes a serial number of an integrated circuit device employed within
the platform (see Rallis et al Abstract, see column 1, lines 45-58.)

As to claim 12, Rallis et al teaches an integrated circuit device (see Abstract and 
see figure 2) comprising: 

a boot block memory unit (see column 3, lines 4-16); and 

a trusted platform module communicatively coupled to the boot block memory 
unit (see figures 1A and 1B and see column 1, line 45 through column 2, line 57), and
to decrypt a second BIOS area to recover a second segment of BIOS code (see
column 1, line 67 through column 2, line 2 and see column 4, lines 10-11, where
"decrypting" of "validation records" is taught, and see column 3, lines 14-17, where
the "validation program" resides in "a ROM adapter 34 of the BIOS 30 and is
executed at boot-up".) 

For the remaining steps of this claim, the applicant is directed to the remarks and
discussions made in claims 1-11 above. 

As to claim 13, Rallis et al as modified, teaches wherein the boot block memory 
unit to load a BIOS code including a first BIOS area and a second BIOS area (see
Rallis et al column 3, lines 6-13, where "loading" is read on "reading into the main 
RAM"), the first BIOS area being an encrypted first segment of the BIOS code and 
the second BIOS area being an encrypted second segment of the BIOS code (see 
Rallis et al column 4, lines 10-11, where "decrypting portions" of the validation
record is taught.) 

As to claim 22, Rallis et al as modified, teaches wherein the static information is a 
serial number or a hash value of the serial number associated with the hardware 
within the platform (see Rallis et al Abstract; column 1, lines 54-58, where "static 
information pertaining to the platform" is read on "serial number"; and see column 4, 
lines 21-26.) 

As to claim 23, Rallis et al as modified, teaches the integrated circuit device being 
implemented within a platform and coupled to an input/output control hub (see Rallis 
et al column 2, line 45 through column 3, line 17) in communication with a processor 
of the platform (see Rallis et al column 4, line 66 through column 5, line 43.) 

4. Claims 15-21 are rejected under 35 U.S.C. 103(a) as being unpatentable over Rallis et
al (U.S. Patent No. 6,6,425,084) in view of Adams et al (U.S. Patent No. 6,363,485),
and further in view of Lohstroh et al (U.S. Patent No. 5,953,419.) 

As to claim 15, Rallis et al teaches a platform (see figures 1A and 1B)
comprising: 

an input/output control hub (ICH) (see column 2, lines 45-57); 

a non-volatile memory unit coupled to the ICH (see figure 2), the non-volatile 
memory unit including a BIOS code (see column 3, lines 4-17.) 

For the remaining steps of this claim, the applicant is kindly directed to remarks
and discussions made in claims 1-11 above. 

Rallis et al as modified, still does not teach releasing keying material after 
authentication of a user of the platform. 

Lohstroh et al teaches a secured file distribution (see Abstract), in which he 
teaches releasing keying material after authentication of a user of the platform (see 
column 23, lines 59-67.) 

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to have modified Rallis et al as modified, by the 
teaching of Lohstroh et al because including releasing keying material after
authentication of a user of the platform, would enable the system to perform multi-level
access control and ensure that the keying material for decryption/encryption of
data is released to only those users who are authenticated and authorized.

As to claim 16, Rallis et al as modified, teaches wherein after loading of the BIOS
code (see Rallis et al column 3, lines 6-13, where "loading" is read on "reading into 
the main RAM"), the method further comprises:

decrypting the first BIOS area to recover the first segment of the BIOS code (see 
Rallis et al column 4, lines 10-11.) 

As to claim 17, Rallis et al as modified, teaches the platform further comprising a 
hard disk drive coupled to the ICH (see Rallis et al figure 2.) 

As to claims 18 and 21, Rallis et al as modified, teaches wherein the trusted 
platform module to further unbind keying material associated with the hard disk drive
to access contents stored within the hard disk drive (see Rallis et al column 4, lines
27-34, where "unbinding keying material to allow accessing contents" is read on
"commencing normal computer operations".) 

As to claim 19, Rallis et al teaches a program loaded into readable memory for 
execution by a trusted platform module of a platform (see column 3, lines 6-13, where 
"loading" is read on "reading into the main RAM"). 

For the remaining steps of this claim, the applicant is kindly directed to remarks 
and discussions made in claims 1-11 above. 

Rallis et al as modified, still does not teach releasing keying material after
authentication of a user of the platform. 

Lohstroh et al teaches a secured file distribution (see Abstract), in which he 
teaches releasing keying material after authentication of a user of the platform (see 
column 23, lines 59-67.) 

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to have modified Rallis et al as modified, by the 
teaching of Lohstroh et al because including releasing keying material after
authentication of a user of the platform, would enable the system to perform multi-level
access control and ensure that the keying material for decryption/encryption of
data is released to only those users who are authenticated and authorized.

As to claim 20, Rallis et al as modified, teaches wherein the first BIOS area is the 
first segment of the BIOS code encrypted with a keying material (see Rallis et al 
column 1, line 67 through column 2, line 2 and see column 4, lines 10-11, where
"decrypting" of "validation records" is taught, and see column 3, lines 14-17, where
the "validation program" resides in "a ROM adapter 34 of the BIOS 30 and is
executed at boot-up") and the second BIOS area is the second segment of the BIOS
code encrypted with the combination key (see Adams et al column 2, lines 34-39 and 
lines 48-62, see column 3, lines 10-17, and see column 5, lines 44-54, where the 
"combination key" is read on "secret key".) 



Application/Control Number: 09/751,899

Art Unit: 2165

Response to Arguments 

5. Applicant's arguments filed on 07-September-2005 with respect to the rejected claims
in view of the cited references have been fully considered but they are moot in view 
of the new grounds for rejection. 

Conclusion 

6. Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE
MONTHS from the mailing date of this action. In the event a first reply is filed 
within TWO MONTHS of the mailing date of this final action and the advisory action 
is not mailed until after the end of the THREE-MONTH shortened statutory period, 
then the shortened statutory period will expire on the date the advisory action is 
mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from 
the mailing date of the advisory action. In no event, however, will the statutory
period for reply expire later than SIX MONTHS from the date of this final action. 

7. Any inquiries concerning this communication or earlier communications from the 
examiner should be directed to Tony Mahmoudi whose telephone number is (571) 
272-4078. The examiner can normally be reached on Mondays-Fridays from 08:00 
am to 04:30 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Jeffrey Gaffin, can be reached at (571) 272-4146.

tm 



December 02, 2005 



